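<?php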
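	/**
	 * Admin screen for the "ftpuser" table: lists the accounts and handles the
	 * "new", "edit" and "delete" actions selected through $_GET['run'].
	 *
	 * Every value that reaches SQL is first whitelisted with one of the RE_*
	 * patterns and then escaped for the connection; every value read back from
	 * the database is HTML-escaped before it is printed.
	 */
	class ftp
	{
		// MySQL link handed over by the application object kept in the session.
		private $db_link;

		// Defaults prefilled in the "new account" form.
		private $default_gid = "99";
		private $default_uid = "99";
		// Every FTP directory is placed underneath this prefix (the "jail").
		private $default_path = "/home/apache/";

		// Whitelists for the form fields (ASCII only, so SQL/HTML escaping is a formality).
		const RE_ID   = '/^[0-9]{1,2}$/';            // id_ftpuser
		const RE_ID4  = '/^[0-9]{1,4}$/';            // gid, uid
		const RE_WORD = '/^[0-9a-zA-Z]{1,}$/';       // login, password
		const RE_PATH = '/^[0-9a-zA-Z\/\.]{1,}$/';   // directory (".." is rejected separately)

		/**
		 * Takes the database link from the application object; the caller must
		 * have populated $_SESSION['portiqus'] before constructing this class.
		 */
		function __construct()
		{
			$this->db_link = $_SESSION['portiqus']->getDB();
		}

		/**
		 * Dispatch on $_GET['run'] ("edit", "delete", "new"); without it the
		 * account list is shown. "edit" and "delete" additionally need the
		 * record id in $_GET['was']. "edit" and "new" render their form when
		 * the POST data is incomplete and apply it otherwise.
		 *
		 * NOTE(review): "delete" is triggered by a plain GET link and the forms
		 * carry no anti-CSRF token; confirm the surrounding application adds one.
		 */
		public function Run()
		{
			$run = isset($_GET['run']) ? $_GET['run'] : null;
			$was = isset($_GET['was']) ? $_GET['was'] : null;

			if ($run === null)
			{
				$this->_displayAll();
				return;
			}

			switch ($run)
			{
				case "edit":
					if ($was === null)
					{
						break;
					}
					if ($this->_formComplete())
					{
						$this->_doUpdateUser($was, $_POST['login'], $_POST['password'], $_POST['directory'], $this->_postValue('password_ist_md5'), $_POST['gid'], $_POST['uid']);
					}
					else
					{
						$this->_doEditUser($was);
					}
					break;

				case "delete":
					if ($was !== null)
					{
						$this->_doDeleteAt($was);
					}
					break;

				case "new":
					if ($this->_formComplete())
					{
						$this->_doInsertUser($_POST['login'], $_POST['password'], $_POST['directory'], $this->_postValue('password_ist_md5'), $_POST['gid'], $_POST['uid'], $this->_postValue('verzeichnis_anlegen'));
					}
					else
					{
						$this->_doAddNew();
					}
					break;

				default:
					break;
			}
		}

		/**
		 * True when login, password, directory, gid and uid were all posted as
		 * non-empty strings, i.e. the form was really submitted. The is_string()
		 * check keeps array-valued parameters (login[]=...) away from preg_match().
		 */
		private function _formComplete()
		{
			foreach (array('login', 'password', 'directory', 'gid', 'uid') as $field)
			{
				if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === "")
				{
					return false;
				}
			}
			return true;
		}

		/**
		 * Value of an optional POST field (the checkboxes); "" when it was not
		 * sent, so an unchecked box never produces an undefined-index notice.
		 */
		private function _postValue($field)
		{
			return (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
		}

		/** Whitelist check: $value must be a string fully matching $pattern (one of the RE_* constants). */
		private function _matches($pattern, $value)
		{
			return is_string($value) && preg_match($pattern, $value) === 1;
		}

		/** Print $message and stop the request; this is how malformed input has always been answered here. */
		private function _reject($message)
		{
			print $message;
			exit;
		}

		/** Escape a value for use inside single quotes in an SQL literal, honouring the link's charset. */
		private function _sql($value)
		{
			return mysql_real_escape_string($value, $this->db_link);
		}

		/**
		 * HTML-escape a database value for output. No charset is forced because
		 * the connection charset is not visible in this file; the stored values
		 * are ASCII by construction (see the RE_* whitelists).
		 */
		private function _html($value)
		{
			return htmlspecialchars((string) $value, ENT_QUOTES);
		}

		/**
		 * Run $query on the shared link and return its result; dies with the
		 * MySQL error text on failure, as the original code did.
		 */
		private function _query($query)
		{
			$result = mysql_query($query, $this->db_link) or die("Anfrage fehlgeschlagen: " . mysql_error());
			return $result;
		}

		/**
		 * ".." anywhere in the path would let a directory climb out of the jail.
		 * strpos() returns false when the needle is absent, so the result has to
		 * be compared with !== false; the former ">= 0" test was true for every
		 * path and rejected all inserts.
		 */
		private function _hasParentReference($dir)
		{
			return strpos($dir, "..") !== false;
		}

		/**
		 * Put $dir underneath default_path. Leading slashes are stripped so an
		 * absolute path is jailed as well instead of being taken literally.
		 */
		private function _jail($dir)
		{
			return $this->default_path . ltrim($dir, "/");
		}

		/**
		 * SQL expression for the password column. A flag of "true" means the
		 * submitted value is already an MD5 digest (the edit form prefills the
		 * stored digest and ticks the box), so it is stored verbatim; otherwise
		 * MD5() is applied by the server. Insert and update now agree on this.
		 */
		private function _passwordSql($pass, $pass_ist_md5)
		{
			if ($pass_ist_md5 == "true")
			{
				return "'" . $this->_sql($pass) . "'";
			}
			return "MD5('" . $this->_sql($pass) . "')";
		}

		/**
		 * Delete the account with the given id and show the list again.
		 * $id_ftpuser must match RE_ID, otherwise the request is rejected.
		 */
		public function _doDeleteAt($id_ftpuser)
		{
			if (!$this->_matches(self::RE_ID, $id_ftpuser))
			{
				$this->_reject("Achtung SQL-Injection: Bitte lass das!");
			}

			$this->_query("DELETE FROM ftpuser WHERE id_ftpuser='" . $this->_sql($id_ftpuser) . "';");
			$this->_displayAll();
		}

		/**
		 * Create a new account. All fields are whitelisted; a directory containing
		 * ".." sends the user back to the form, everything else is placed under
		 * default_path. When $verzeichnis_anlegen is "true" the directory is also
		 * created on disk (mode 0700, recursively) and the outcome is printed.
		 */
		public function _doInsertUser($login, $pass, $dir, $pass_ist_md5, $gid, $uid, $verzeichnis_anlegen)
		{
			if (!$this->_matches(self::RE_WORD, $login) || !$this->_matches(self::RE_WORD, $pass) || !$this->_matches(self::RE_PATH, $dir) || !$this->_matches(self::RE_ID4, $gid) || !$this->_matches(self::RE_ID4, $uid))
			{
				$this->_reject("Achtung SQL-Injection: Bitte lass das!<br />");
			}

			if ($this->_hasParentReference($dir))
			{
				// ".." found in $dir, possibly an attack: back to the form.
				print "'..' im Pfad ist nicht erlaubt.";
				$this->_doAddNew();
				return;
			}

			$dir = $this->_jail($dir);

			$this->_query("INSERT INTO ftpuser (login, password, directory, gid, uid) VALUES ('" . $this->_sql($login) . "', " . $this->_passwordSql($pass, $pass_ist_md5) . ", '" . $this->_sql($dir) . "', '" . $this->_sql($gid) . "', '" . $this->_sql($uid) . "' );");

			if ($verzeichnis_anlegen == "true")
			{
				print mkdir($dir, 0700, true) ? "verzeichnis erstellt" : "fehler";
			}

			$this->_displayAll();
		}

		/**
		 * Update the account with the given id. Same whitelists and ".." guard
		 * as on insert; a path that already lies under default_path (as prefilled
		 * by the edit form) is kept, any other path is jailed like on insert.
		 */
		public function _doUpdateUser($id_ftpuser, $login, $pass, $dir, $pass_ist_md5, $gid, $uid)
		{
			if (!$this->_matches(self::RE_ID, $id_ftpuser) || !$this->_matches(self::RE_ID4, $gid) || !$this->_matches(self::RE_ID4, $uid)
				|| !$this->_matches(self::RE_WORD, $login) || !$this->_matches(self::RE_WORD, $pass) || !$this->_matches(self::RE_PATH, $dir))
			{
				$this->_reject("Achtung SQL-Injection: Bitte lass das!");
			}

			if ($this->_hasParentReference($dir))
			{
				print "'..' im Pfad ist nicht erlaubt.";
				$this->_doEditUser($id_ftpuser);
				return;
			}

			if (strpos($dir, $this->default_path) !== 0)
			{
				$dir = $this->_jail($dir);
			}

			$this->_query("UPDATE ftpuser SET login='" . $this->_sql($login) . "', password=" . $this->_passwordSql($pass, $pass_ist_md5) . ", directory='" . $this->_sql($dir) . "', gid='" . $this->_sql($gid) . "', uid='" . $this->_sql($uid) . "' WHERE id_ftpuser='" . $this->_sql($id_ftpuser) . "';");
			$this->_displayAll();
		}

		/**
		 * Render the table of all accounts (id, login, directory, uid, gid) with
		 * edit/delete links, followed by the "new account" link.
		 */
		public function _displayAll()
		{
			$result = $this->_query("SELECT id_ftpuser, login, password, directory, gid, uid FROM ftpuser ORDER BY id_ftpuser;");
			?>
				<div id="inhalt">
					<table border="0" cellpadding="0" cellspacing="0">
						<tr align=left><th width=50>id</th><th width=100>login</th><th width=200>directory</th><th width=30>UID</th><th width=30>GID</th></tr>
					<?php
						while ($line = mysql_fetch_array($result, MYSQL_ASSOC))
						{
							$id = $this->_html($line['id_ftpuser']);
							print "<tr height=15>";

							foreach (array('id_ftpuser', 'login', 'directory', 'gid', 'uid') as $column)
							{
								print "\t\t<td align=left>" . $this->_html($line[$column]) . "</td>\n";
							}

							print '<td><a href="?action=ftp&run=edit&was=' . $id . '">edit</a> <a href="?action=ftp&run=delete&was=' . $id . '">delete</a></td></tr>';
						}

						mysql_free_result($result);
					?>
					</table>
				</div>
				Verf&uuml;gbare Aktionen:<br>
				&nbsp;<a href="?action=ftp&run=new">einen neuen FTP-Zugang anlegen</a><br>
				oder<br>
				&nbsp;einen vorhandenen FTP-Zugang editieren:<br><br>
			<?php
		}

		/** Render the empty "new account" form, prefilled with the default uid/gid. */
		public function _doAddNew()
		{
			?>
			<div id="inhalt">
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			<br><br>
				<form method="POST" action="" name="neuer_account">
					<table border="0" cellspacing="3" cellpadding="0" width="550">
						<tr><td>login</td><td align="right"><input type="text" name="login" value="" size="50" maxlength="50"></td><td></td></tr>
						<tr><td>password</td><td align="right"><input type="text" name="password" value="" size="50" maxlength="50"></td><td align=right><a href="javascript:void(0)" onclick="javaScript:document.forms.neuer_account.password.value=getRealPassword();"><acronym title="Erstellt ein Zufallspassword mit 8 Zeichen.">[ZUFALL]</acronym></a></td></tr>
						<tr><td>password is md5</td><td align=right><input type="checkbox" name="password_ist_md5" value="true"></td><td></td></tr>
						<tr><td>directory</td><td align="right"><input type="text" name="directory" value="" size="50" maxlength="50"></td><td align=right><acronym title="Der Pfad ist immer relativ zu '<?php print $this->_html($this->default_path); ?>'.">[NFO]</acronym></td></tr>
						<tr><td>create directory</td><td align=right><input type="checkbox" name="verzeichnis_anlegen" value="true" checked></td><td></td></tr>
						<tr><td>UID</td><td align="right"><input type="text" name="uid" value="<?php print $this->_html($this->default_uid); ?>" size="5" maxlength="5"></td><td align=right></td></tr>
						<tr><td>GID</td><td align="right"><input type="text" name="gid" value="<?php print $this->_html($this->default_gid); ?>" size="5" maxlength="5"></td><td align=right></td></tr>
						<tr><td></td><td></td><td align=right><input class="createb" type="submit" value="Erstellen"></td></tr>
					</table>
				</form>
			</div>
			<?php
		}

		/**
		 * Render the edit form for one account, prefilled from the database.
		 * A malformed id renders nothing (silently, as before); an unknown id
		 * renders the form with empty fields instead of raising notices.
		 */
		public function _doEditUser($id_ftpuser)
		{
			if (!$this->_matches(self::RE_ID, $id_ftpuser))
			{
				return;
			}

			$result = $this->_query("SELECT login, password, directory, gid, uid FROM ftpuser WHERE id_ftpuser='" . $this->_sql($id_ftpuser) . "';");
			$line = mysql_fetch_array($result, MYSQL_ASSOC);
			mysql_free_result($result);

			if ($line === false)
			{
				$line = array('login' => '', 'password' => '', 'directory' => '', 'gid' => '', 'uid' => '');
			}
			?>
			<div id="inhalt">
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel lorem ipsum blafasel<br>
			<br><br>
				<form method="POST" action="" name="neuer_account">
					<table border="0" cellspacing="3" cellpadding="0" width="550">
						<tr><td>login</td><td align="right"><input type="text" name="login" value="<?php print $this->_html($line['login']); ?>" size="50" maxlength="50"></td><td></td></tr>
						<tr><td>password</td><td align="right"><input type="text" name="password" value="<?php print $this->_html($line['password']); ?>" size="50" maxlength="50"></td><td align=right><a href="javascript:void(0)" onclick="javaScript:document.forms.neuer_account.password.value=getRealPassword();"><acronym title="Erstellt ein Zufallspassword mit 8 Zeichen.">[ZUFALL]</acronym></a></td></tr>
						<tr><td>password is md5</td><td align=right><input type="checkbox" name="password_ist_md5" value="true" checked></td><td></td></tr>
						<tr><td>directory</td><td align="right"><input type="text" name="directory" value="<?php print $this->_html($line['directory']); ?>" size="50" maxlength="50"></td><td align=right><acronym title="Beginnt der Pfad nicht mit '<?php print $this->_html($this->default_path); ?>', so wird dies als Prefix genommen.">[NFO]</acronym></td></tr>
						<tr><td>UID</td><td align="right"><input type="text" name="uid" value="<?php print $this->_html($line['uid']); ?>" size="5" maxlength="5"></td><td align=right></td></tr>
						<tr><td>GID</td><td align="right"><input type="text" name="gid" value="<?php print $this->_html($line['gid']); ?>" size="5" maxlength="5"></td><td align=right></td></tr>
						<tr><td></td><td></td><td align=right><input class="createb" type="submit" value="Aktualisieren"></td></tr>
					</table>
				</form>
			</div>
			<?php
		}

	}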
?>